Banking trojan Dridex uses macros for infection

From Botnets.fr
Jump to navigation Jump to search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

Banking trojan Dridex uses macros for infection
Botnet Dridex, Cridex
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2014 / 2014-11-05
Editor/Conference Trend Micro
Link http://blog.trendmicro.com/trendlabs-security-intelligence/banking-trojan-dridex-uses-macros-for-infection/ (Archive copy)
Author Rhena Inocencio
Type

Abstract

The appearance of DRIDEX comes a couple of years after CRIDEX’s entry in the threat landscape. Both CRIDEX and DRIDEX steal personal information, specifically related data to online banking. DRIDEX is considered as the successor because it uses a new way to steal information—via HTML injections.

However, there is a major difference between the two. CRIDEX malware is one of the payloads associated with exploit kit spam attacks. DRIDEX, on the other hand, relies on spam to deliver Microsoft Word documents containing malicious macro code. The macro code downloads DRIDEX onto the affected system.

Bibtex

 @misc{Inocencio2014BFR1413,
   editor = {Trend Micro},
   author = {Rhena Inocencio},
   title = {Banking trojan Dridex uses macros for infection},
   date = {05},
   month = Nov,
   year = {2014},
   howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/banking-trojan-dridex-uses-macros-for-infection/}},
 }